Details of VAR-202205-0169

ID

VAR-202205-0169

CVE

CVE-2022-29789

TITLE

Huawei of EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009632

DESCRIPTION

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. The vulnerability stems from the failure of hiaiserver to strictly verify the validity of the attributes in the model

Trust: 1.8

sources: NVD: CVE-2022-29789 // JVNDB: JVNDB-2022-009632 // VULHUB: VHN-421298 // VULMON: CVE-2022-29789

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009632 // NVD: CVE-2022-29789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29789
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29789
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-2547
value:	HIGH
Trust: 0.6
VULHUB:	VHN-421298
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29789
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-421298
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29789
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29789
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-421298 // JVNDB: JVNDB-2022-009632 // CNNVD: CNNVD-202205-2547 // NVD: CVE-2022-29789

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009632 // NVD: CVE-2022-29789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2547

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2547

PATCH

title:

HUAWEI HarmonyOS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193768

Trust: 0.6

sources: CNNVD: CNNVD-202205-2547

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29789	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009632	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-2547	Trust: 0.6
db:	CNVD	id:	CNVD-2022-53576	Trust: 0.1
db:	VULHUB	id:	VHN-421298	Trust: 0.1
db:	VULMON	id:	CVE-2022-29789	Trust: 0.1

sources: VULHUB: VHN-421298 // VULMON: CVE-2022-29789 // JVNDB: JVNDB-2022-009632 // CNNVD: CNNVD-202205-2547 // NVD: CVE-2022-29789

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/5/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29789	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29789/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202205-0000001292610341	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421298 // VULMON: CVE-2022-29789 // JVNDB: JVNDB-2022-009632 // CNNVD: CNNVD-202205-2547 // NVD: CVE-2022-29789

SOURCES

db:	VULHUB	id:	VHN-421298
db:	VULMON	id:	CVE-2022-29789
db:	JVNDB	id:	JVNDB-2022-009632
db:	CNNVD	id:	CNNVD-202205-2547
db:	NVD	id:	CVE-2022-29789

LAST UPDATE DATE

2024-08-14T14:24:49.658000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421298	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-29789	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009632	date:	2023-08-07T08:14:00
db:	CNNVD	id:	CNNVD-202205-2547	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-29789	date:	2022-05-23T18:43:11.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421298	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2022-29789	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009632	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-2547	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-29789	date:	2022-05-13T15:15:09.743